package de.webtech.faceplace.services;

import java.io.IOException;

import javax.servlet.RequestDispatcher;

import org.apache.tapestry5.services.Dispatcher;
import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.Response;

public class AccessController implements Dispatcher {
        public boolean dispatch(Request request, Response response) throws IOException {
                
                
                /*
                 * Access control logic goes here. If the user is allowed to access the
                 * resource, canAccess should be set to true.
                 */
                
	        	if(request.getSession(true).getAttribute("user")!=null 
	        			&& (request.getPath().endsWith("welcome") || request.getPath().endsWith("registry"))){
	        		response.sendRedirect("index");
	        	}
        	
                if(request.getSession(true).getAttribute("user")==null 
                		&& !request.getPath().endsWith("welcome") 
                		&& !request.getPath().endsWith("registry")
                		&& !request.getPath().endsWith("contact")
                		&& !request.getPath().endsWith("about")
                		&& !request.getPath().contains("layout/")
                		&& !request.getPath().contains("layout/profilepictures/")){
                        /*
                         * This is an unauthorized request, so throw an exception. We'll need
                         * more grace than this, such as a customized exception page and/or
                         * redirection to a login page...
                         */
                		response.sendRedirect("welcome");
                        //throw new RuntimeException("Access violation!");
                }
                
                return false;
        }
}